ARP Logic Question

Unanswered Question
Jul 28th, 2010

Hi,

Can anyone help me understand an issue with ARP logic?  I installed a multi-context firewall and did not use the auto mac command.  The router showed (for example) for the subinterfaces on the contexts:

arp ip x.x.x.30  mac xxxx.xxxx.fee1

arp ip x.x.x.31  mac xxxx.xxxx.fee1

arp ip x.x.x.32  mac xxxx.xxxx.fee1

IP traffic to the various contexts never flowed.  I had to implement the auto mac command which gave each context its own MAC.  My question is, is it against the logic to have multiple IPs for one MAC?  I did not think it was.  Why did I have to use the auto-mac command on the firewall then?  Thanks for any info....

Rob

Mohamed Sobair Wed, 07/28/2010 - 11:13

Rob,

Multiple contexts in a firewall typically divide the physical hardware into two logical devices. In order for traffic to pass from the router to either context, the router should know the layer-2 adjacency MAC and layer-3 addresses of the next hop in order to forward the packet successfully. Hence for each context you should have different layer-3 and layer-2 addresses.

You can't have the same Mac assigned to multiple IP addresses!!!

HTH

Mohamed

Richard Burts Wed, 07/28/2010 - 15:37

Mohamed

I liked the first part of your answer. But I must disagree with the part where you say: "You can't have the same Mac assigned to multiple IP addresses!!!" You certainly can have the same MAC associated with multiple IP addresses. If you do show arp on an interface connected to a router that is doing proxy arp you will find multiple IP addresses all associated with the router MAC address. Or if you do show arp on an interface connected to a device that is doing address translation you will find multiple IP addresses (the addresses being translated) associated with the MAC of the device that is doing the translation.

You are correct that in the case of this problem there is a need for a unique MAC address to identify the multiple logical entities involved. But it is not true that in general you cannot associate multiple IP addresses with a single MAC.

HTH

Rick
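The situation discussed in this thread, several IP addresses resolving to one MAC on the same router interface, can be spotted by grouping the ARP table by MAC. The script below is an added example, not code from any poster in this thread; the IOS-style `show arp` sample, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in IOS "show arp" layout; all addresses are made up.
SAMPLE_SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0000.5e00.5301  ARPA   GigabitEthernet0/1
Internet  192.0.2.30              4   0000.5e00.53e1  ARPA   GigabitEthernet0/1
Internet  192.0.2.31              4   0000.5e00.53e1  ARPA   GigabitEthernet0/1
Internet  192.0.2.32              9   0000.5e00.53e1  ARPA   GigabitEthernet0/1
Internet  198.51.100.7           12   0000.5e00.5344  ARPA   GigabitEthernet0/2
Internet  198.51.100.9            0   Incomplete      ARPA
"""

# Matches resolved entries only; "Incomplete" rows carry no MAC and are skipped.
# [ \t] keeps a match from running across a line break.
ENTRY = re.compile(
    r"^Internet[ \t]+(\d+\.\d+\.\d+\.\d+)[ \t]+\S+[ \t]+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})[ \t]+\S+[ \t]+(\S+)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)


def parse_show_arp(text):
    """Return (ip, mac, interface) tuples for every resolved ARP entry."""
    return [(ip, mac.lower(), iface) for ip, mac, iface in ENTRY.findall(text)]


def shared_macs(entries):
    """Map (interface, mac) -> sorted IPs, for MACs that answer for 2+ IPs."""
    groups = defaultdict(set)
    for ip, mac, iface in entries:
        groups[(iface, mac)].add(ip)
    return {
        key: sorted(ips, key=ipaddress.ip_address)
        for key, ips in groups.items()
        if len(ips) > 1
    }


if __name__ == "__main__":
    for (iface, mac), ips in shared_macs(parse_show_arp(SAMPLE_SHOW_ARP)).items():
        print(f"{iface} {mac}: {', '.join(ips)}")
```

A MAC listed here is not an error by itself (proxy ARP and address translation both produce it, as Rick notes); it marks the entries to check when the device behind that MAC hosts several logical entities.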
